Effective Ways to Manage User Life Cycle in Active Directory
What’s this whitepaper about?
Although Active Directory is a powerful and popular directory service, there are significant gaps
between its user management features and administrators’ needs, many of which can be attributed to its
lack of built-in functionality for common tasks. This commercial whitepaper, authored by Derek
Melber, Active Directory MVP, illustrates how key aspects of user lifecycle management are addressed
by ManageEngine tools.
About the author:
Derek is a technical evangelist for the ADSolutions team at ManageEngine. As an Active Directory
MVP, Derek is much sought after globally for his knowledge, insight, and keen understanding of the
Windows product line. He writes for, speaks to, and educates thousands of IT professionals all across
the world every year. You can reach Derek at derek@zohocorp.com.
Provisioning, Managing, and De-provisioning User Accounts Through a Life Cycle
Every organization has to deal with employee turnover. “People come and people go” as they say. Along
with the turnover, the user accounts for all of those employees must also be managed. When
employees are hired, new user accounts must be created. On the other end, when employees leave the
organization, their user accounts must be disabled and eventually deleted.
When a single user is hired or leaves the company, those tasks seem minor and quite simple. And they
are. But what about an organization with an employee population of 5,000 to 10,000 or 100,000 – or
more? Now, the turnover is not just one employee at a time. It’s more like hundreds of employees at a
time.
The management of user accounts must also coincide with the management of groups, computers,
domain controllers, services, security, applications, files, and everything else that must be managed on a
typical corporate network. Managing user accounts through the life of the account can be both taxing
and unrelenting. However, some solutions manage users from creation, through changes over their
employment, to removal when the user account is no longer needed. Such systems reassure
administrators that all user accounts will be correctly managed and the daily tasks of user life cycle
management will be addressed.
User Account Life Cycle Overview
All administrators are fully aware of what it takes to take a user account from inception to elimination.
What most administrators aren’t fully aware of is the user account life cycle management procedure as
a whole. Figure 1 illustrates what is required to manage a user account from the time it is created to the
time it must be deleted from the system. Each stage has many moving parts and details that can get lost
in daily activities, and that makes it vital to investigate a solution that will help take users from one stage
to the next.
Figure 1. User account life cycle.
What Microsoft Active Directory Solutions Provide for User Life Cycle Management
Everyone that has Active Directory is aware of the tools that Microsoft provides with the solution such
as Active Directory Users and Computers, Active Directory Domains and Trusts, and tools that manage
DNS, DHCP, and other network services. Microsoft even offers tools that are not 100% Active Directory
related, such as System Center and PowerShell, which can be leveraged to help manage the Active
Directory environment.
What about user account management? What does Microsoft provide to the administrator to
manage user accounts from creation through deletion? Let’s look at each key area of user account life
cycle management to determine what Microsoft provides to help with the process.
Creating User Accounts
Microsoft provides Active Directory Users and Computers as the main tool for managing user accounts.
The tool is designed to be a single view of a single domain, so you can see how the users are organized
within the organizational units. When it comes to single user creation, Active Directory Users and
Computers gets the job done – but not as seamlessly as most administrators would like.
Due to the structure of the schema and the limitations of the user creation wizard, only a few of the
most basic (and necessary) properties can be established during the creation of a user account. These
properties can be seen in Figures 2 and 3, which show the options available during the creation of a user
account using Active Directory Users and Computers.
Figure 2. Basic properties that need to be established while creating a user
Figure 3.
All of the other properties for the user account must be configured “after” the user is created. This
might not seem like a limitation, but it is when you have to create multiple users. Creating the users
and only then editing each one to configure the remaining properties can be time
consuming.
When it comes to creating users in bulk, using Active Directory Users and Computers is just not an
option.
But let’s say an HR rep hands you a CSV file containing the latest batch of new employees. Does
Microsoft provide any tools that can take this list of employees and make user accounts for them?
Technically, the answer is “yes” – but with great caveats.
The longstanding tool, CSVDE, can take a CSV file containing employee names and other properties and
create user accounts from it. The caveats? CSVDE offers no GUI, no confirmations of success, and no
mechanism to identify failures or explain their cause. Another tool, PowerShell, can also create users in
bulk. This tool has the same limitations as CSVDE.
Finally, what does Microsoft provide the administrator who wants to create users using a template?
Very little. For a single user, you can select an existing user account and “copy” it to create another
single user account that will have the same group memberships as the copied user account. When it
comes to bulk user creation templates, Microsoft has nothing to offer.
In the end, Microsoft tools only offer a partial solution that confines you to creating single users, one at
a time. Bulk user creation, using either CSV files or templates, just can’t be done efficiently using
Microsoft tools.
Managing User Accounts
One of the more complex aspects of user account life cycle management is modifying user account
properties to reflect changes in the user’s job, role, responsibilities, and access privileges. Group
membership is simple at first glance but becomes complex as soon as group nesting, local groups, and
access control list inclusion are involved. Keeping a tight rein on group membership is vital to the overall
security of your Active Directory enterprise and asset management.
Another key user account management issue is ensuring the correct location of each user account
within the Active Directory structure. Incorrect placement of a user account in an organizational unit
could lock down the user and render him or her unproductive. Incorrect placement could also loosen up
security and give the user access to assets he or she should not be able to access.
Unfortunately, Microsoft provides no tools to help manage user accounts during the life of the account.
When employees’ roles, jobs, responsibilities, and access privileges change, Microsoft has nothing to
help ensure that the group membership or organizational unit location is correct. These corrections
also include the properties related to a user account, which cannot be managed or altered based on an
employee status.
A tool like PowerShell or VBScript could be used to perform such tasks, but those tools don’t come
with these features by default. Someone would need to customize these tools to perform these
management tasks. Even if successful, you still wouldn’t have a GUI or any reporting associated with the
management to inform you of any issues that might arise during the management of the user accounts.
De-provisioning of User Accounts
When an employee leaves the company, good security protocol is to immediately eliminate the user
account associated with the employee. This is often accomplished by disabling the user account and
moving the user account to an organizational unit where it is locked down through group policy, which is
controlling all of the user accounts in the organizational unit.
For these scenarios, Microsoft tools do not provide any management of user accounts at this level. The
Microsoft tools are geared towards initial creation, manual management, and manual control of the
user account upon the employee’s departure from the company.
What ManageEngine ADManager Plus Provides for User Life Cycle Management
For any corporation or administrator charged with managing Active Directory, ADManager Plus provides
easy user account management, automated user account management, provisioning, de-provisioning,
and user account recovery. Any tool that goes beyond the Microsoft tools should be extremely easy to
use, perform all of the actions in an area that you are addressing, and provide an immediate return to
your company. ADManager Plus meets all of those requirements and more.
Creating User Accounts
The creation of a single user or even bulk users should be a streamlined, efficient, and easy
process. ADManager Plus provides a simple-to-use interface for both single user and bulk user account
creation. The Microsoft solution to creating user accounts relies heavily on the Active Directory schema
and the mandatory attributes of the user object. That reliance is a downfall of the Microsoft solution
and one that ADManager Plus avoids.
When creating a single user or bulk users, ADManager Plus gives you the opportunity to configure all of
the user attributes, eliminating the need to iterate back and forth, per user, to configure all of the user
properties. Figure 4 illustrates the breadth of the user object properties that can be configured at user
account creation.
Figure 4. All user account properties can be configured during creation.
A more complete list of user profile properties that are configurable at user creation includes:
• First name, last name, initials
• Logon names
• Display name
• Employee ID
• Office information
• Logon script
• User profile path
• Delegations
• Group memberships
• Account expirations
• Telephones, addresses, organization info
• Exchange server details
• Terminal server details
• Custom attributes
If multiple users need to be created, they will often be created through a CSV file provided by HR or
some other entity. ADManager Plus consumes CSV files with ease. Before generating the user accounts,
ADManager Plus gives the administrator a summary of the user accounts that will be created and all of
the properties that the CSV file includes. This information enables a more efficient method of creating
user accounts, as there will be fewer errors and failures during the user creation process. Simply import
the CSV file into ADManager Plus, so you can review the contents before the user accounts are created
as shown in Figure 5.
Figure 5. Importing CSV files is easy and provides for quick review for errors.
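The same review-before-create step can be scripted. The following is an added example, not taken from the whitepaper or from ADManager Plus: it validates an HR CSV and reports a status per row before any account is created. The column names, the sample rows and the target OU are constructed for illustration.

```powershell
# Constructed sample of an HR export; the column names are assumptions.
$rows = @'
GivenName,Surname,SamAccountName,Department
Ana,Lopez,alopez,Finance
Ben,Okafor,bokafor,Finance
Ana,Lopez,alopez,Sales
Chris,,cmarchetti-contractor-2024,IT
Dee,Park,d/park,IT
'@ | ConvertFrom-Csv

$TargetOU = 'OU=New Hires,DC=example,DC=com'   # placeholder container
$Apply    = $false                              # set to $true to create the rows that pass

# sAMAccountName for users is limited to 20 characters and may not contain these characters.
$illegal = '["/\\\[\]:;|=,+*?<>]'

$seen   = @{}   # logon names already encountered in this file (keys are case-insensitive)
$report = foreach ($r in $rows) {
    $problems = @()
    foreach ($col in 'GivenName', 'Surname', 'SamAccountName') {
        if ([string]::IsNullOrWhiteSpace($r.$col)) { $problems += "missing $col" }
    }
    $sam = "$($r.SamAccountName)".Trim()
    if ($sam.Length -gt 20)                  { $problems += 'logon name longer than 20 characters' }
    if ($sam -match $illegal)                { $problems += 'logon name contains an illegal character' }
    if ($sam -and $seen.ContainsKey($sam))   { $problems += 'duplicate logon name in file' }
    if ($sam) { $seen[$sam] = $true }

    [pscustomobject]@{
        SamAccountName = $sam
        Status         = if ($problems) { 'Rejected' } else { 'Ready' }
        Detail         = $problems -join '; '
        Row            = $r
    }
}

if ($Apply) {
    Import-Module ActiveDirectory   # RSAT Active Directory module
    foreach ($item in $report | Where-Object Status -eq 'Ready') {
        $params = @{
            Name           = "$($item.Row.GivenName) $($item.Row.Surname)"
            GivenName      = $item.Row.GivenName
            Surname        = $item.Row.Surname
            SamAccountName = $item.SamAccountName
            Department     = $item.Row.Department
            Path           = $TargetOU
            Enabled        = $false      # created disabled; password and enablement are a separate step
            ErrorAction    = 'Stop'      # turn directory errors into catchable, per-row failures
        }
        try   { New-ADUser @params; $item.Status = 'Created' }
        catch { $item.Status = 'Failed'; $item.Detail = $_.Exception.Message }
    }
}

# One line per input row: Ready/Rejected before the run, Created/Failed after it.
$report | Select-Object SamAccountName, Status, Detail | Format-Table -AutoSize
```

With `$Apply` left at `$false` the script touches nothing in the directory and only prints the review table.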
Each row contains approximately 20 properties in this example, which can all be seen by scrolling across
the table output. This allows for verification before the next step, which is to define which container the
user accounts will be created in. This is a key aspect of the user account creation (single or bulk) as
moving objects after creation can be difficult and can cause incorrect configurations if the objects are
not located properly. The selection of the container is easy to make as a view of the Active Directory
structure is presented, allowing you to choose the container as you can see in Figure 6.
Figure 6. During user account creation, user accounts are located in the correct AD container.
As you can see above, the creation of bulk user accounts using ADManager Plus is easy and efficient.
And if you were to use the user template option, you could use wildcards and variables to generate the
majority of the user properties, eliminating the need to have those fields in the CSV file or to fill out in
the user creation GUI as seen in Figure 7.
Figure 7. Templates allow for variables and wildcards for quick and efficient user account creation.
Managing User Accounts
Often, a user will move from one stage to another in his or her career. For instance, an intern becomes a
full-time employee, a full-time employee becomes a contractor, a student advances from 1st grade to
2nd grade, or many other scenarios. In such situations, the user account must be modified to meet the
new employee responsibilities, access demands, and other environment requirements. Without some
reminder or existing workflow process, the administrator will need to remember to perform these
actions on the date of the change to the employee. This work often will fall through the cracks, and the
administrator will either forget to perform the action, or if many user accounts are affected, one or
more user accounts will not be configured correctly.
Instead of having a human responsible for such configurations, it is better to have a computer perform
the action on the required day. Building in an automated schedule for how user accounts will be
managed is extremely easy to do with ADManager Plus. As Figure 8 shows, you can create one or more
actions that will be performed on the user account as the user account ages and as milestones are hit.
Figure 8. Automation policies automatically perform actions to user accounts.
Now, you are able to create an elaborate or simple set of rules that will apply to specific user accounts.
The rules will have a schedule associated with them, which automatically performs the actions, so you
don’t need to remember to perform the action. This will create a stable, secure, and compliant
environment for all user accounts.
De-Provisioning User Accounts
In a similar fashion to managing a user account when the employee changes roles and responsibilities,
user accounts need to be de-provisioned upon certain milestones. There are at least two scenarios in
which user de-provisioning is viable. The first is when you know that a user account needs to be
disabled, based on the employee contract or other factors related to the user. This could be the last step
in the automated management of the user account in the section above.
Another scenario is when an employee is separated from the organization and his or her account is
disabled. Upon disabling the user account, the automated rule could place the user account into a
different organizational unit. This would help keep the user account secured and locked down. Then,
another rule in the automation policy could delete the user account after a certain period of time, per
the corporate policy. That automation policy would look like Figure 9 in ADManager Plus.
Figure 9. De-provisioning of user accounts is automatic to ensure security of the enterprise.
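The sequence described above (disable, move to a restricted organizational unit, delete after the retention period) as a scripted sketch. This is an added example, not code from the whitepaper or from ADManager Plus; the OU path, the 90-day window, the Description stamp and the function names are assumptions.

```powershell
Import-Module ActiveDirectory   # RSAT Active Directory module

$QuarantineOU  = 'OU=Disabled Users,DC=example,DC=com'  # placeholder OU, locked down by group policy
$RetentionDays = 90                                      # assumed purge window; use the corporate policy's value
$Stamp         = 'Deprovisioned'                         # marker written into Description (assumption)

function Disable-DepartedUser {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$SamAccountName)

    $user = Get-ADUser -Identity $SamAccountName -Properties Description
    # Record the disable date on the object so the purge step does not depend on whenChanged.
    $note = '{0} {1:yyyy-MM-dd} | {2}' -f $Stamp, (Get-Date).ToUniversalTime(), $user.Description

    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Disable and move to quarantine OU')) {
        Disable-ADAccount -Identity $user
        Set-ADUser        -Identity $user -Description $note
        Move-ADObject     -Identity $user.DistinguishedName -TargetPath $QuarantineOU   # move last: the DN changes
    }
}

function Invoke-QuarantineReview {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param()

    $cutoff = (Get-Date).ToUniversalTime().Date.AddDays(-$RetentionDays)
    $users  = Get-ADUser -SearchBase $QuarantineOU -Filter * -Properties Description

    foreach ($u in $users) {
        if ($u.Enabled) {
            # An enabled account in this OU means someone re-enabled it or moved it here by hand.
            Write-Warning "$($u.SamAccountName): enabled inside the quarantine OU, investigate"
            continue
        }
        if ($u.Description -match "^$Stamp (\d{4}-\d{2}-\d{2})") {
            $disabledOn = [datetime]::ParseExact($Matches[1], 'yyyy-MM-dd',
                                                 [cultureinfo]::InvariantCulture)
            if ($disabledOn -le $cutoff -and
                $PSCmdlet.ShouldProcess($u.DistinguishedName, 'Delete after retention period')) {
                try   { Remove-ADUser -Identity $u -Confirm:$false -ErrorAction Stop }
                catch { Write-Warning "$($u.SamAccountName): delete failed: $($_.Exception.Message)" }
            }
        }
        else {
            # No stamp means the account did not arrive through Disable-DepartedUser; never guess a date.
            Write-Warning "$($u.SamAccountName): no de-provisioning stamp, left in place"
        }
    }
}

# Dry runs ('jdoe' is a hypothetical logon name):
#   Disable-DepartedUser -SamAccountName 'jdoe' -WhatIf
#   Invoke-QuarantineReview -WhatIf
```

Run both functions with `-WhatIf` first; a scheduled purge has to pass `-Confirm:$false` because the delete step is declared high impact.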
With ADManager Plus, user accounts will no longer be orphaned, left enabled after separation, or
retained in the Active Directory after the corporate policy’s purge time frame.
Summary
User account life cycle management is simple upon first glance, but the details and requirements for the
creation, management, and de-provisioning of user accounts can be complex. The Microsoft tools are
far from complete when it comes to user account life cycle management. In turn, administrators must
perform more actions to complete mundane tasks or develop scripts to manage users as they move
through their life cycle.
ADManager Plus from ManageEngine solves those issues quickly, efficiently, and cost effectively. The
tool is designed for every aspect of life cycle management for user accounts, as well as for other Active
Directory objects. With its easy-to-use GUI configurations and its reporting and error
information, ADManager Plus will make your user account management simple in the future.

How ADManager Plus helped a local govt. wipe out stale accounts from its ADHow ADManager Plus helped a local govt. wipe out stale accounts from its AD
How ADManager Plus helped a local govt. wipe out stale accounts from its AD
 

Dernier

Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 

Dernier (20)

Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 

Effective User Life Cycle Management in Active Directory

  • 1. Effective Ways to Manage User Life Cycle in Active Directory
  • 2. What’s this whitepaper about? Although Active Directory is a powerful and popular directory service, there are significant gaps between its user management features and administrators’ needs, much of which could be owed to its lack of built-in functionality for common tasks. This commercial whitepaper authored by Derek Melber, Active Directory MVP, illustrates how key aspects of user lifecycle management are addressed by ManageEngine tools. About the author: Derek is a technical evangelist for the ADSolutions team at ManageEngine. As an Active Directory MVP, Derek is much sought after globally for his knowledge, insight, and keen understanding of the Windows product line. He writes for, speaks to, and educates thousands of IT professionals all across the world every year. You can reach Derek at derek@zohocorp.com.
  • 3. Provisioning, Managing, and De-provisioning User Accounts Through a Life Cycle Every organization has to deal with employee turnover. “People come and people go” as they say. Along with the turnover, the user accounts for all of those employees must also be managed. When employees are hired, new user accounts must be created. On the other end, when employees leave the organization, their user accounts must be disabled and eventually deleted. When a single user is hired or leaves the company, those tasks seem minor and quite simple. And they are. But what about an organization with an employee population of 5,000 to 10,000 or 100,000 – or more? Now, the turnover is not just one employee at a time. It’s more like hundreds of employees at a time. The management of user accounts must also coincide with the management of groups, computers, domain controllers, services, security, applications, files, and everything else that must be managed on a typical corporate network. Managing user accounts through the life of the account can be both taxing and unrelenting. However, some solutions manage users from creation, through changes over their employment, to removal when the user account is no longer needed. Such systems reassure administrators that all user accounts will be correctly managed and the daily tasks of user life cycle management will be addressed. User Account Life Cycle Overview All administrators are fully aware of what it takes to take a user account from inception to elimination. What most administrators aren’t fully aware of is the user account life cycle management procedure as a whole. Figure 1 illustrates what is required to manage a user account from the time it is created to the time it must be deleted from the system. Each stage has many moving parts and details that can get lost in daily activities, and that makes it vital to investigate a solution that will help take users from one stage to the next. Figure 1. User account life cycle.
  • 4. What Microsoft Active Directory Solutions Provide for User Life Cycle Management Everyone that has Active Directory is aware of the tools that Microsoft provides with the solution such as Active Directory Users and Computers, Active Directory Domains and Trusts, and tools that manage DNS, DHCP, and other network services. Microsoft even offers tools that are not 100% Active Directory related, such as System Center and PowerShell, which can be leveraged to help manage the Active Directory environment. What about user account management? What does Microsoft provide to the administrator to manage user accounts from creation through deletion? Let’s look at each key area of user account life cycle management to determine what Microsoft provides to help with the process. Creating User Accounts Microsoft provides Active Directory Users and Computers as the main tool for managing user accounts. The tool is designed to be a single view of a single domain, so you can see how the users are organized within the organizational units. When it comes to single user creation, Active Directory Users and Computers gets the job done – but not as seamlessly as most administrators would like. Due to the structure of the schema and the limitations of the user creation wizard, only a few of the most basic (and necessary) properties can be established during the creation of a user account. These properties can be seen in Figures 2 and 3, which show the options available during the creation of a user account using Active Directory Users and Computers. Figure 2. Basic properties that need to be established while creating a user
  • 5. Figure 3. All of the other properties for the user account must be configured “after” the user is created. This might not seem like a limitation, but it is when you have to create multiple users. Creating each user and only then editing that user to configure the remaining properties can be time consuming. When it comes to creating users in bulk, using Active Directory Users and Computers is just not an option. But let’s say an HR rep hands you a CSV file containing the latest batch of new employees. Does Microsoft provide any tools that can take this list of employees and make user accounts for them? Technically, the answer is “yes” – but with great caveats. The longstanding tool, CSVDE, can take a CSV file containing employee names and other properties and create user accounts from it. The caveats? CSVDE offers no GUI, no confirmations of success, and no mechanism to identify failures or explain their cause. Another tool, PowerShell, can also create users in bulk. This tool has the same limitations as CSVDE. Finally, what does Microsoft provide the administrator who wants to create users using a template? Very little. For a single user, you can select an existing user account and “copy” it to create another single user account that will have the same group memberships as the copied user account. When it comes to bulk user creation templates, Microsoft has nothing to offer. In the end, Microsoft tools only offer a partial solution that confines you to creating single users, one at a time. Bulk user creation, using either CSV files or templates, just can’t be done efficiently using Microsoft tools.
  • 6. Managing User Accounts One of the more complex aspects of user account life cycle management is modifying user account properties to reflect changes in the user’s job, role, responsibilities, and access privileges. Group membership is simple at first glance but becomes complex as soon as group nesting, local groups, and access control list inclusion are involved. Keeping a tight rein on group membership is vital to the overall security of your Active Directory enterprise and asset management. Another key user account management issue is ensuring the correct location of each user account within the Active Directory structure. Incorrect placement of a user account in an organizational unit could lock down the user and render him or her unproductive. Incorrect placement could also loosen up security and give the user access to assets he or she should not be able to access. Unfortunately, Microsoft provides no tools to help manage user accounts during the life of the account. When employees’ roles, jobs, responsibilities, and access privileges change, Microsoft has nothing to help ensure that the group membership or organizational unit location is correct. These corrections also include the properties related to a user account, which cannot be managed or altered based on an employee status. A tool like PowerShell or VBScript could be used to perform such tasks, but those tools don’t come with these features by default. Someone would need to customize these tools to perform these management tasks. Even if successful, you still wouldn’t have a GUI or any reporting associated with the management to inform you of any issues that might arise during the management of the user accounts. De-provisioning of User Accounts When an employee leaves the company, good security protocol is to immediately eliminate the user account associated with the employee. This is often accomplished by disabling the user account and moving the user account to an organizational unit where it is locked down through group policy, which is controlling all of the user accounts in the organizational unit. For these scenarios, Microsoft tools do not provide any management of user accounts at this level. The Microsoft tools are geared towards initial creation, manual management, and manual control of the user account upon the employee’s departure from the company. What ManageEngine ADManager Plus Provides for User Life Cycle Management For any corporation or administrator charged with managing Active Directory, ADManager Plus provides easy user account management, automated user account management, provisioning, de-provisioning, and user account recovery. Any tool that goes beyond the Microsoft tools should be extremely easy to use, perform all of the actions in an area that you are addressing, and provide an immediate return to your company. ADManager Plus meets all of those requirements and more. Creating User Accounts The creation of a single user or even bulk users should be a streamlined, efficient, and easy process. ADManager Plus provides a simple-to-use interface for both single user and bulk user account creation. The Microsoft solution to creating user accounts relies heavily on the Active Directory schema and the mandatory attributes of the user object. That reliance is a downfall of the Microsoft solution and one that ADManager Plus avoids.
  • 7. When creating a single user or bulk users, ADManager Plus gives you the opportunity to configure all of the user attributes, eliminating the need to iterate back and forth, per user, to configure all of the user properties. Figure 4 illustrates the breadth of the user object properties that can be configured at user account creation. Figure 4. All user account properties can be configured during creation. A more complete list of user profile properties that are configurable at user creation includes: first name, last name, initials; logon names; display name; employee ID; office information; logon script; user profile path; delegations; group memberships; account expirations; telephones, addresses, organization info; Exchange server details; terminal server details; custom attributes. If multiple users need to be created, they will often be created through a CSV file provided by HR or some other entity. ADManager Plus consumes CSV files with ease. Before generating the user accounts, ADManager Plus gives the administrator a summary of the user accounts that will be created and all of
  • 8. the properties that the CSV file includes. This information enables a more efficient method of creating user accounts, as there will be fewer errors and failures during the user creation process. Simply import the CSV file into ADManager Plus, so you can review the contents before the user accounts are created as shown in Figure 5. Figure 5. Importing CSV files is easy and provides for quick review for errors. Each row contains approximately 20 properties in this example, which can all be seen by scrolling across the table output. This allows for verification before the next step, which is to define which container the user accounts will be created in. This is a key aspect of the user account creation (single or bulk) as moving objects after creation can be difficult and can cause incorrect configurations if the objects are not located properly. The selection of the container is easy to make as a view of the Active Directory structure is presented, allowing you to choose the container as you can see in Figure 6.
  • 9. Figure 6. During user account creation, user accounts are located in the correct AD container. As you can see above, the creation of bulk user accounts using ADManager Plus is easy and efficient. And if you were to use the user template option, you could use wildcards and variables to generate the majority of the user properties, eliminating the need to have those fields in the CSV file or to fill out in the user creation GUI as seen in Figure 7.
  • 10. Figure 7. Templates allow for variables and wildcards for quick and efficient user account creation. Managing User Accounts Often, a user will move from one stage to another in his or her career. For instance, an intern becomes a full-time employee, a full-time employee becomes a contractor, a student advances from 1st grade to 2nd grade, or many other scenarios. In such situations, the user account must be modified to meet the new employee responsibilities, access demands, and other environment requirements. Without some reminder or existing workflow process, the administrator will need to remember to perform these actions on the date of the change to the employee. This work often will fall through the cracks, and the administrator will either forget to perform the action, or if many user accounts are affected, one or more user accounts will not be configured correctly. Instead of having a human responsible for such configurations, it is better to have a computer perform the action on the required day. Building in an automated schedule for how user accounts will be managed is extremely easy to do with ADManager Plus. As Figure 8 shows, you can create one or more actions that will be performed on the user account as the user account ages and as milestones are hit.
  • 11. Figure 8. Automation policies automatically perform actions to user accounts. Now, you are able to create an elaborate or simple set of rules that will apply to specific user accounts. The rules will have a schedule associated with them, which automatically performs the actions, so you don’t need to remember to perform the action. This will create a stable, secure, and compliant environment for all user accounts. De-Provisioning User Accounts In a similar fashion to managing a user account when the employee changes roles and responsibilities, user accounts need to be de-provisioned upon certain milestones. There are at least two scenarios in which user de-provisioning is viable. The first is when you know that a user account needs to be disabled, based on the employee contract or other factors related to the user. This could be the last step in the automated management of the user account in the section above. Another scenario is when an employee is separated from the organization and his or her account is disabled. Upon disabling the user account, the automated rule could place the user account into a different organizational unit. This would help keep the user account secured and locked down. Then, another rule in the automation policy could delete the user account after a certain period of time, per the corporate policy. That automation policy would look like Figure 9 in ADManager Plus.
  • 12. Figure 9. De-provisioning of user accounts is automatic to ensure security of the enterprise. With ADManager Plus, user accounts will no longer be orphaned, left enabled after separation, or retained in the Active Directory after the corporate policy’s purge time frame. Summary User account life cycle management is simple upon first glance, but the details and requirements for the creation, management, and de-provisioning of user accounts can be complex. The Microsoft tools are far from complete when it comes to user account life cycle management. In turn, administrators must perform more actions to complete mundane tasks or develop scripts to manage users as they move through their life cycle. ADManager Plus from ManageEngine solves those issues quickly, efficiently, and cost effectively. The tool is designed for every aspect of life cycle management for user accounts, as well as for other Active Directory objects. With its easy-to-use GUI configurations and its reporting and error information, ADManager Plus will make your user account management simple in the future.
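The bulk-creation passages above turn on two things: reviewing the HR CSV before any account is created, and knowing afterwards which rows succeeded or failed and why. The script below is an added example of that review-then-create flow using the ActiveDirectory PowerShell module; it is not code from the whitepaper or from ManageEngine, and the CSV column names, the OU and the UPN suffix are assumptions.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Assumed CSV columns: GivenName, Surname, SamAccountName,
# EmployeeID, Department. OU and UPN suffix values shown are placeholders.
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)] [string] $CsvPath,    # HR export
    [Parameter(Mandatory)] [string] $TargetOU,   # placeholder: 'OU=Staff,DC=example,DC=com'
    [Parameter(Mandatory)] [string] $UpnSuffix,  # placeholder: 'example.com'
    [string] $ResultPath = '.\bulk-create-results.csv'
)

$required = 'GivenName', 'Surname', 'SamAccountName', 'EmployeeID', 'Department'

function Test-SamExists([string] $Sam) {
    # -Identity is an exact lookup, so no filter string has to be escaped.
    try { $null = Get-ADUser -Identity $Sam -ErrorAction Stop; return $true }
    catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] { return $false }
}

# Stop before touching anything if the target container does not exist.
$null = Get-ADOrganizationalUnit -Identity $TargetOU -ErrorAction Stop

$seen = @{}      # PowerShell hashtable keys are case-insensitive, like sAMAccountName
$rowNumber = 1   # header is line 1 of the file
$results = foreach ($row in @(Import-Csv -Path $CsvPath)) {
    $rowNumber++
    $sam = "$($row.SamAccountName)".Trim()
    $problems = @()

    # Pre-flight review: every row is checked before anything is written to AD.
    foreach ($col in $required) {
        if ([string]::IsNullOrWhiteSpace($row.$col)) { $problems += "missing $col" }
    }
    if ($sam.Length -gt 20) { $problems += 'SamAccountName longer than 20 characters' }
    if ($sam -match '["/\\\[\]:;|=,+*?<>@]') { $problems += 'SamAccountName contains an invalid character' }
    if ($sam) {
        if ($seen.ContainsKey($sam)) { $problems += 'duplicate SamAccountName in CSV' }
        $seen[$sam] = $true
    }
    if ($sam -and -not $problems -and (Test-SamExists $sam)) {
        $problems += 'account already exists in AD'
    }

    $status = 'Rejected'
    $detail = $problems -join '; '
    if (-not $problems) {
        $fullName = '{0} {1}' -f $row.GivenName.Trim(), $row.Surname.Trim()
        $new = @{
            Name              = $fullName
            DisplayName       = $fullName
            GivenName         = $row.GivenName.Trim()
            Surname           = $row.Surname.Trim()
            SamAccountName    = $sam
            UserPrincipalName = '{0}@{1}' -f $sam, $UpnSuffix
            EmployeeID        = $row.EmployeeID.Trim()
            Department        = $row.Department.Trim()
            Path              = $TargetOU   # created in the right container, not moved later
            Enabled           = $false      # password set and enable happen in a separate step
        }
        try {
            if ($PSCmdlet.ShouldProcess($sam, "Create user in $TargetOU")) {
                New-ADUser @new -ErrorAction Stop
                $status = 'Created'
            } else {
                $status = 'WouldCreate'     # -WhatIf run: review only
            }
        } catch {
            $status = 'Failed'
            $detail = $_.Exception.Message  # the cause is kept per row
        }
    }
    [pscustomobject]@{ CsvLine = $rowNumber; SamAccountName = $sam; Status = $status; Detail = $detail }
}

# The result log is written even on a -WhatIf run, so it doubles as the review sheet.
$results | Export-Csv -Path $ResultPath -NoTypeInformation -WhatIf:$false
$results | Group-Object Status | Select-Object Name, Count
```

Running it first with `-WhatIf` produces the review sheet without creating anything; accounts are created disabled so that credential handover is a deliberate second step.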
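The de-provisioning passages describe a two-stage rule: disable the account and park it in a locked-down organizational unit, then delete it once the corporate retention period has passed. The script below is an added example of that policy as a schedulable PowerShell script, not ADManager Plus configuration or code from the whitepaper; the OU parameters, the 90-day default and the use of the `info` attribute as a date stamp are assumptions.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Assumptions: employee accounts live under $StaffOU, the
# quarantine OU already exists and is locked down by Group Policy, and the
# 'info' (Notes) attribute is free to hold the de-provisioning date.
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)] [string] $StaffOU,       # placeholder: 'OU=Staff,DC=example,DC=com'
    [Parameter(Mandatory)] [string] $QuarantineOU,  # placeholder: 'OU=Disabled,DC=example,DC=com'
    [ValidateRange(1, 3650)] [int] $RetentionDays = 90
)

$prefix  = 'Deprovisioned'
$culture = [cultureinfo]::InvariantCulture
$today   = (Get-Date).Date
$report  = @()

# Stage 1: expired or already-disabled staff accounts -> disable, stamp, move.
# -SearchBase keeps built-in disabled accounts (Guest, krbtgt) out of scope.
$found = @(Search-ADAccount -AccountExpired  -UsersOnly -SearchBase $StaffOU) +
         @(Search-ADAccount -AccountDisabled -UsersOnly -SearchBase $StaffOU)
$candidates = @{}
foreach ($a in $found) {
    $parked = $a.DistinguishedName.EndsWith(",$QuarantineOU", [StringComparison]::OrdinalIgnoreCase)
    if (-not $parked) { $candidates[$a.ObjectGUID] = $a }   # keyed by GUID: no duplicates
}

foreach ($acct in $candidates.Values) {
    if (-not $PSCmdlet.ShouldProcess($acct.SamAccountName, 'Disable, stamp and move to quarantine OU')) { continue }
    try {
        $stampText = '{0} {1}' -f $prefix, $today.ToString('yyyy-MM-dd', $culture)
        Disable-ADAccount -Identity $acct.ObjectGUID -ErrorAction Stop
        Set-ADUser -Identity $acct.ObjectGUID -Replace @{ info = $stampText } -ErrorAction Stop
        Move-ADObject -Identity $acct.ObjectGUID -TargetPath $QuarantineOU -ErrorAction Stop
        $report += [pscustomobject]@{ Account = $acct.SamAccountName; Action = 'Quarantined'; Detail = $stampText }
    } catch {
        $report += [pscustomobject]@{ Account = $acct.SamAccountName; Action = 'Failed'; Detail = $_.Exception.Message }
    }
}

# Stage 2: delete quarantined accounts whose stamp is older than the retention period.
$cutoff = $today.AddDays(-$RetentionDays)
$quarantined = Get-ADUser -SearchBase $QuarantineOU -SearchScope OneLevel -Filter * -Properties info
foreach ($u in $quarantined) {
    $stamp = [datetime]::MinValue
    $hasStamp = "$($u.info)" -match "^$prefix (\d{4}-\d{2}-\d{2})$" -and
        [datetime]::TryParseExact($Matches[1], 'yyyy-MM-dd', $culture,
            [Globalization.DateTimeStyles]::None, [ref] $stamp)

    # Never delete on a guess: re-enabled or unstamped accounts go to a human.
    if ($u.Enabled -or -not $hasStamp) {
        $report += [pscustomobject]@{ Account = $u.SamAccountName; Action = 'NeedsReview'; Detail = 'enabled or no valid stamp' }
        continue
    }
    if ($stamp -gt $cutoff) { continue }   # still inside the retention window

    if (-not $PSCmdlet.ShouldProcess($u.SamAccountName, "Delete (quarantined since $($Matches[1]))")) { continue }
    try {
        # Remove-ADUser refuses objects that still have child objects; that
        # failure lands in the report instead of being forced through.
        Remove-ADUser -Identity $u.ObjectGUID -Confirm:$false -ErrorAction Stop
        $report += [pscustomobject]@{ Account = $u.SamAccountName; Action = 'Deleted'; Detail = "stamped $($Matches[1])" }
    } catch {
        $report += [pscustomobject]@{ Account = $u.SamAccountName; Action = 'Failed'; Detail = $_.Exception.Message }
    }
}

$report
```

The explicit stamp is used instead of `whenChanged` because any later edit to the object would reset that timestamp and silently extend the retention period.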